DoD Internet Protocol Version 6 (IPv6) Contractual Language
|
|
- Monica Joseph
- 6 years ago
- Views:
Transcription
1 DoD Internet Protocol Version 6 (IPv6) Contractual Language 1. Purpose: Contents of this document shall be incorporated in Government Acquisition Programs, Procurements, Services, and Contracts (including Licensing Contracts) to ensure compliance with DoD policies on IPv6 applicable to all DoD Information Technology (IT) infrastructure and programs. 2. Objective: Specify and integrate Government IPv6 requirements in all goods and services procured by the Government to migrate DoD networks, systems, services, and applications to IPv6. 3. General Requirement: The Government Acquisition Personnel and Government Contractors shall incorporate the IPv6 requirements described in this document into the procurement, design, configuration, implementation, operation, and management of DoD IT acquisitions and procurement. The IPv6 requirements only apply to IT infrastructure, networks, systems and programs using internet protocol. The Contractor shall provide a migration and transition path to IPv6 given the existing IPv4 infrastructure. The Contractor shall develop the needed documentation for its respective products and services to support the DoD s implementation of IPv6, and/or update existing documentation to reflect IPv6 implementation. 4. DoD Specific IPv6 Requirements: In accordance with the Office of Management and Budget (OMB) Memorandum M to migrate to IPv6 and the DoD CIO implementation policies for IPv6, contractors, vendors, and service providers (thereafter referred to as vendors) shall comply with the two requirements for IPv6. The first requirement addresses acquiring IPv6 Capable products and services (including software and hardware licenses). The second requirement addresses implementation of IPv6 in DoD networks, systems, and programs. Documents DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6) Definitions, dated 26 June DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6) Implementation, dated 6 February IPv6 Extracts from Public Law (FY05) and (FY06). OMB Memorandum M-05-22, Transition Planning for Internet Protocol Version (IPv6), dated 2 August OMB 28 September 2010 Directive, Transition to IPv6. Links kt_path_info=ktcore.actions.document.view&f DocumentId= DocumentId= (must click download to view document) ded_public_law_ _sec_331_%26_ _sec_221.doc m0522.pdf Transition_to_IPv6_28Sept2010.pdf DoD IPv6 Transition Office (DITO) 1/8 8 October 2010; Version 2.0
2 DoD Internet Protocol Version 6 (IPv6) Contractual Language DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6) Interim Transition Guidance, dated 29 September DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6), dated 9 June Item III Internet Protocol Version 6(IPv6) (FAR Case ) DocumentId= (must click download to view document) DocumentId= (must click download to view document) 10/pdf/E pdf (certified by pkisupport@gpo.gov) 4.1. IPv6 Capable Compliance (for products, services, and licenses) Requirement. The vendor's solution shall be in compliance with all applicable Federal and DoD IPv6 policies and the DoD IPv6 Capable definitions as specified in the DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6) Definitions, dated 26 June A partial excerpt from the DoD IPv6 Capable Definitions memo articulates: "IPv6 Capable Products shall be able to interoperate with other IPv6 Capable Products on networks supporting only IPv4, only IPv6, or both IPv4 and IPv6, and shall also: - Conform with the requirements of the DoD IPv6 Standard Profiles for IPv6 Capable Products document contained in the DISR - Possess a migration path and/or commitment to upgrade from the developer (company Vice President, or equivalent, letter) as the IPv6 standard evolves - Ensure product developer IPv6 technical support is available. - Conform to National Security Agency (NSA) and/or Unified Cross Domain Management Office requirements for Information Assurance products" Deliverables for IPv6 Capable Compliance: IPv6 Letter of Compliance with the DoD IPv6 Standards Profile as documented in the DoD IT Standards Registry (DISR). Refer to: IPv6 Letter of Commitment to upgrade as the IPv6 standard evolves (from the company s Vice President or equivalent). DoD IPv6 Transition Office (DITO) 2/8 8 October 2010; Version 2.0
3 DoD Internet Protocol Version 6 (IPv6) Contractual Language 4.2 IPv6 Implementation Compliance (for DoD Networks, Programs, and Systems) Requirement. Contractors shall provide documentation, and/or update existing documentation, to show the migration path for IPv6 and the phased implementation of IPv6 for their respective products and services. The Contractor shall update existing documentation. A partial excerpt from the DoD IPv6 Capable Definitions memo articulates: "An IPv6 Capable Network shall be ready to have IPv6 enabled for operational use, when mission need or business case dictates. Specifically, an IPv6 Capable Network must: - Use IPv6 Capable Products - Accommodate IPv6 in network infrastructure, services, and management tools and applications - Conform to DoD and NSA-developed IPv6 network security implementation guidance Deliverables for IPv6 Implementation Compliance: IPv6 Implementation Plan/Schedule showing the design and phased implementation of IPv6 support within respective products and services, over time (including risks and dependencies) When requested by TM/COR, DoD Architectural Framework (DODAF) Views showing IPv6 design & implementation in support of DoD System or Program. When requested by TM/COR, Information Support Plan (ISP) showing the integrated NETOPS of Networks and Systems for both IPv4 and IPv6 environments Federal Acquisition Regulation (FAR) Case , Internet Protocol Version 6 (IPv6), dated December 10, Adopts the proposed rule published in the Federal Register at 71 FR 50011, August 24, 2006, as a final rule with minor changes. This final rule amends FAR parts 7, 11, 12, and 39 to require Internet Protocol Version 6 (IPv6) compliant products be included in all new information technology (IT) procurements requiring Internet Protocol (IP): Acquisition documents shall include a paragraph discussing IPv6 compliance for information technology acquisitions using Internet Protocol; Acquisition documents must include the appropriate IPv6 compliance requirements in accordance with the Agency s Enterprise Architecture, unless a waiver to the use of IPv6 has been granted, and DoD IPv6 Transition Office (DITO) 3/8 8 October 2010; Version 2.0
4 DoD Internet Protocol Version 6 (IPv6) Contractual Language Agencies must include the appropriate Internet Protocol compliance requirements consistent with FAR regarding information technology acquisitions using Internet Protocol. 5. IPv6-Related Contract Deliverables Deliverable Title IPv6 Letter of Compliance (for products, services, and licenses) IPv6 Letter of Commitment (for products, services, and licenses; issued by vendor s Vice President or equivalent) IPv6 Implementation Plan/Schedule (for networks, programs, and systems) DODAF Views (for networks, programs, and systems) Information Support Plan (ISP) (for networks, programs, and systems) Format Contractor-Proposed based on the below: oduct_profile_v3_draft.pdf Contractor-Proposed, Government-Approved Contractor-Proposed, Government-Approved COR/TM-Provided COR/TM-Provided 6. IPv6 Warranty Language. The vendor/contractor will warrant that items delivered shall be IPv6 capable. Warranties will vary depending on the equipment, products or services to be provided. Sample warranties are included in Appendix A to be used or modified as necessary depending on the type or procurement and contract. 7. Waivers. Waivers for non-ipv6 capable IT networks, systems, services, and applications need to be coordinated with the Organization s respective IPv6 Transition Office, usually located within the Organization s CIO. Waivers will require the approval of the Organization s CIO or equivalent office. This includes cases where procuring, acquiring or developing IPv6 capability is not currently possible or planned (e.g., due to lack of funding, products or development timeline). Possible rationales for waivers include the following criteria: Profound Operational Need Understood and Tolerable impact on Organization s IT architecture Business Case, including long-term resource implications across the enterprise The waiver should indicate how long a waiver should be granted for new systems. For legacy systems the waiver should indicate how long it should be granted or if it is a request until the end of the life cycle for the system. A sample waiver form is provided in Appendix B. DoD IPv6 Transition Office (DITO) 4/8 8 October 2010; Version 2.0
5 Internet Protocol Version 6 (IPv6) Contractual Language APPENDIX A: Sample Warranty Language IT Equipment Warranty The vendor/contractor warrants that each item delivered under this contract shall be able to accurately transmit, receive, process, and function correctly using the Internet Protocol Version 6 (IPv6). Specifically, the vendor/contractor warrants that: 1) Each item delivered complies with the current Defense IT Standards and Profile Registry (DISR) developed DoD IPv6 Standards Profiles for IPv6 Capable Products 2) Each item delivered maintains interoperability with IPv4 (specifically, is able to operate on/coexist on a network supporting IPv4 only, IPv6 only, or a hybrid of IPv4 and IPv6) 3) Each item delivered is supported by the contractors IPv6 technical support If the contract requires that specific listed products must perform as a system, then the above warranty shall apply to those listed products as a system. The duration of this warranty and the remedies available to the Government for breach of this warranty shall be as defined in, and subject to, the terms and limitations of the contractor's standard commercial warranty or warranties contained in this contract, provided that notwithstanding any provision(s) to the contrary in such commercial warranty or warranties, the remedies available to the Government under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the contractor in writing within one year after acceptance. Nothing in this warranty shall be construed to limit any rights or remedies the Government may otherwise have under this contract with respect to defects other than IPv6 performance. Internet Service Provider (ISP) Warranty The Internet Service Provider (ISP) warrants that connection service delivered to [Organization name.] shall be able to accurately transmit, receive, and function correctly using the Internet Protocol Version 6 (IPv6). Specifically, the ISP warrants that: 1) Their service complies with the IETF guidelines for Internet Protocol Version 6 (IPv6) Standard (RFC 2460) 2) The ISP has established IPv6 connectivity to its upstream providers and peers either directly or at Internet Exchange Points (IX) 3) The ISP can advertise routes to the Organization s IPv6 address space 4) Any additional services specified in the contract, such as multicasting support or mobility, will be compliant with the IPv6 versions of those services as specified by the IETF 5) Service delivered is supported by the ISP s IPv6 technical support DoD IPv6 Transition Office (DITO) A-5/8 8 October 2010; Version 2.0
6 Internet Protocol Version 6 (IPv6) Contractual Language APPENDIX A: Sample Warranty Language Additionally, as IPv6 evolves, the ISP commits to upgrading or providing an appropriate migration path for each network service delivered under this contract. The duration of this warranty and the remedies available to the Government for breach of this warranty shall be as defined in, and subject to, the terms and limitations of the contractor's standard commercial warranty or warranties contained in this contract, provided that notwithstanding any provision(s) to the contrary in such commercial warranty or warranties, the remedies available to the Government under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the contractor in writing within one year after acceptance. Nothing in this warranty shall be construed to limit any rights or remedies the Government may otherwise have under this contract with respect to defects other than IPv6 performance. IPv6 Software Warranty The vendor/developer/contractor confirms that software delivered to the Organization shall be fully dual stacked and able to accurately transmit, receive, process, and function correctly using the Internet Protocol Version 6 (IPv6). Specifically, the vendor/developer states that: 1) All user functions (data plane) of the application which utilize an IP network service comply with the IETF guidelines for data exchange over Internet Protocol Version 6 (IPv6) Standard (RFC 2460) 2) Unless sold as an IPv6-Only product, this IPv6-capable software is fully dual stacked to maintain interoperability with IPv4. Specifically, the software is able to operate on/coexist on a network supporting IPv4 only, IPv6 only, or a network supporting both IPv4 and IPv6 3) Each software item delivered is supported by the vendor/developer s IPv6 technical support This statement covers functions of the application, any supporting applications, network services the application calls such as RPC or DNS, and any software update functions used by the vendor/developer s software. If some functions work in IPv6 while others require IPv4, the application is considered partially dual stacked with IPv4 dependencies. Additionally, as IPv6 evolves, the vendor/developer/contractor commits to upgrading or providing an appropriate migration path for each piece of software delivered under this contract as long as the Organization continues to purchase maintenance and upgrade licenses. The duration of this warranty and the remedies available to the Government for breach of this warranty shall be as defined in, and subject to, the terms and limitations of the contractor's standard commercial warranty or warranties contained in this contract, provided that notwithstanding any provision(s) to the contrary in such commercial warranty or warranties, the remedies available to the Government under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the contractor in writing within one year after acceptance. Nothing in this warranty shall be construed to limit any rights or remedies the DoD IPv6 Transition Office (DITO) A-6/8 8 October 2010; Version 2.0
7 Internet Protocol Version 6 (IPv6) Contractual Language APPENDIX A: Sample Warranty Language Government may otherwise have under this contract with respect to defects other than IPv6 performance. DoD IPv6 Transition Office (DITO) A-7/8 8 October 2010; Version 2.0
8 Internet Protocol Version 6 (IPv6) Contractual Language APPENDIX B: Sample Waiver Internet Protocol version 6 (IPv6) Waiver. Purpose: The purpose of this waiver is to identify [Organization name:..] networks, systems, services, and applications, which cannot comply with the DoD mandated requirement to be IPv6 capable. 1.) Name(s) of networks, systems, services, and applications 2.) Organization Name Address 3.) Technical POC Point Of Contact Phone Number Address 4.) Management POC Point Of Contact Phone Number Address 5.) Description of networks, systems, services, and applications. 6.) Name all hardware and software system interfaces that are affected by this waiver. Particular attention should be made to any interface to the GIG. 7.) Provide justification for the wavier request. If possible classify your waiver request justification by one of the categories below categories. Hardware (host hardware not available or not upgradeable/replaceable by until specified timeframe) Software (software not available or not upgradeable/replaceable by specified timeframe) Technical (other technical issue preventing compliance with specified timeframe) Programmatic (Cost and/or schedule prohibits compliance to specified timeframe) Other 8.) Is there a transition/implementation plan in place to upgrade the system/product to be IPv6 capable? If so provide a copy of the plan. If there is not a plan indicate when procuring, acquiring or developing IPv6 capability is projected. 9.) Timeframe requested for waiver. PREPARED BY: OFFICE SYMBOL: DATE: DoD IPv6 Transition Office (DITO) B-8/8 8 October 2010; Version 2.0
Federal & NASA IPv6 Updates
Federal & NASA IPv6 Updates LinkedIn Headquarters Sunnyvale, CA Kevin L. Jones NASA IPv6 Transition Manager April 26, 2017 December 1, 2016 September 28, 2010 OMB Memo USG IPv6 Implementation Goals 1.
More informationInformation Systems Security Requirements for Federal GIS Initiatives
Requirements for Federal GIS Initiatives Alan R. Butler, CDP Senior Project Manager Penobscot Bay Media, LLC 32 Washington Street, Suite 230 Camden, ME 04841 1 Federal GIS "We are at risk," advises the
More informationNational Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products
Committee on National Security Systems CNSS Policy No. 19 February 2007 National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products This document prescribes minimum
More informationUSGv6: US Government. IPv6 Transition Activities 11/04/2010 DISCOVER THE TRUE VALUE OF TECHNOLOGY
USGv6: US Government Dale Geesey Chief Operating Officer Auspex Technologies, LLC Phone: 703.319.1925 Fax: 866.873.1277 E-mail: dgeesey@auspextech.com Web: www.auspextech.com IPv6 Transition Activities
More informationENCORE II REQUIREMENTS CHECKLIST AND CERTIFICATIONS
ENCORE II REQUIREMENTS CHECKLIST AND CERTIFICATIONS This form is completed by the Task Monitors and forwarded to DISA/DITCO-Scott with a complete ENCORE II Requirements Package. (electronic signatures
More informationHUMBOLDT COUNTY Website Accessibility Policy
SECTION: Information Technology ORIGINAL ISSUE DATE: 11/08/2016 REVISION DATE: 02/27/2018 10/16/2018 PAGE 1 OF 4 HUMBOLDT COUNTY Website Accessibility Policy I. PURPOSE The purpose of this policy is to
More informationArticle I - Administrative Bylaws Section IV - Coordinator Assignments
3 Article I - Administrative Bylaws Section IV - Coordinator Assignments 1.4.1 ASSIGNMENT OF COORDINATORS To fulfill the duties of the Fiscal Control and Internal Auditing Act (30 ILCS 10/2005), the Board
More informationTest & Evaluation of the NR-KPP
Defense Information Systems Agency Test & Evaluation of the NR-KPP Danielle Mackenzie Koester Chief, Engineering and Policy Branch March 15, 2011 2 "The information provided in this briefing is for general
More information14 January 2013 Presented by: Kevin L. Jones Agency IPv6 Transition Manager
NASA IPv6 Implementation Status TIP 2013 Presented by: Kevin L. Jones Agency IPv6 Transition Manager OMB IPv6 Mandate Goals 1. Designate an IPv6 Transition Manager by 10/30/2010 2. Ensure agency procurements
More informationAgency Guide for FedRAMP Authorizations
How to Functionally Reuse an Existing Authorization Version 1.0 August 5, 2015 Revision History Date Version Page(s) Description Author 08/05/2015 1.0 All Initial Publication FedRAMP PMO 06/06/2017 1.0
More informationOFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA
OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA 22041-3206 TRICARE MANAGEMENT ACTIVITY MEMORANDUM FOR: SEE DISTRIBUTION SUBJECT:
More informationParticipation Agreement for the ehealth Exchange
Participation Agreement for the ehealth Exchange This Participation Agreement for the ehealth Exchange ("Agreement") is entered into as of the last date written below ( Effective Date ) by and between
More informationFiXs - Federated and Secure Identity Management in Operation
FiXs - Federated and Secure Identity Management in Operation Implementing federated identity management and assurance in operational scenarios The Federation for Identity and Cross-Credentialing Systems
More informationROADMAP TO DFARS COMPLIANCE
ROADMAP TO DFARS COMPLIANCE ARE YOU READY FOR THE 12/31/17 DEADLINE? In our ebook, we have answered the most common questions we receive from companies preparing for DFARS compliance. Don t risk terminated
More informationCommittee on National Security Systems. CNSS Policy No. 14 November 2002
Committee on National Security Systems CNSS Policy No. 14 November 2002 National Policy Governing the Release of Information Assurance (IA) Products and Services to Authorized U.S. Persons or Activities
More informationFedRAMP Security Assessment Framework. Version 2.0
FedRAMP Security Assessment Framework Version 2.0 June 6, 2014 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More informationDepartment of Veterans Affairs Internet Protocol Version 6 (IPv6): North American IPv6 Summit
Department of Veterans Affairs Internet Protocol Version 6 (): North American Summit April 10, 2012 Steven Pirzchalski Director, Enterprise Transport Services VA Transition Manager Outreach Chair, Federal
More informationInteragency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008
Interagency Advisory Board HSPD-12 Insights: Past, Present and Future Carol Bales Office of Management and Budget December 2, 2008 Importance of Identity, Credential and Access Management within the Federal
More informationNational Information Assurance (IA) Policy on Wireless Capabilities
Committee on National Security Systems CNSS Policy No. 17 National Information Assurance (IA) Policy on Wireless Capabilities This document prescribes minimum standards. Your department or agency may require
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Boundary and The Network Boundary and for an Enterprise is essential; it provides for an understanding of
More informationRequest for Comments: 3172 BCP: 52 September 2001 Category: Best Current Practice
Network Working Group G. Huston, Editor Request for Comments: 3172 IAB BCP: 52 September 2001 Category: Best Current Practice Management Guidelines & Operational Requirements for the Address and Routing
More informationPalo Alto Unified School District OCR Reference No
Resolution Agreement Palo Alto Unified School District OCR Reference No. 09-17-1194 The Office for Civil Rights (OCR) of the U.S. Department of Education initiated an investigation into an allegation that
More informationU.S. Department of Education Enterprise Architecture Program Office (EAPO)
Enterprise Architecture Program Office (EAPO) IPv6 Transition Guide Version 2.0 April 18, 2011 Revision History Version Comments Date 0.1 Initial Version October 20, 2009 0.2 Changed Overall Structure
More informationSafeguarding Unclassified Controlled Technical Information
Safeguarding Unclassified Controlled Technical Information (DFARS Case 2011-D039): The Challenges of New DFARS Requirements and Recommendations for Compliance Version 1 Authors: Justin Gercken, TSCP E.K.
More informationThe next generation of knowledge and expertise
The next generation of knowledge and expertise UNDERSTANDING FISMA REPORTING REQUIREMENTS 1 HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Defense Security Service Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development COST
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense : February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development
More informationDepartment of Defense Fiscal Year (FY) 2013 IT President's Budget Request Defense Technical Information Center Overview
Mission Area Department of Defense Business System Breakout Appropriation All Other Resources 19.083 EIEMA 19.083 RDT&E 19.083 FY 2013 ($M) FY 2013 ($M) FY 2013 ($M) FY12 to FY13 Comparision ($M) FY2012
More informationOFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC
OFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC 20301-3000 ACQUISITION, TECHNO LOGY. A N D LOGISTICS SEP 2 1 2017 MEMORANDUM FOR COMMANDER, UNITED ST A TES SPECIAL OPERATIONS
More informationSTATE OF NEW JERSEY IT CIRCULAR
NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ Chris Christie, Governor 300 Riverview Plaza E. Steven Emanuel, Chief Technology Officer Trenton, NJ 08625-0212 STATE OF NEW JERSEY IT
More informationDepartment of Defense Fiscal Year (FY) 2015 IT President's Budget Request Defense Contract Audit Agency Overview
BMA 3.308 Mission Area Business System Breakout Appropriation PROCUREMENT 1.594 Total 31.395 Defense Business Systems 3.528 EIEMA 28.087 All Other Resources 27.867 FY 2015 ($M) FY 2015 ($M) OPERATIONS
More informationDoDD DoDI
DoDD 8500.1 DoDI 8500.2 Tutorial Lecture for students pursuing NSTISSI 4011 INFOSEC Professional 1 Scope of DoDD 8500.1 Information Classes: Unclassified Sensitive information Classified All ISs to include:
More informationGEOFidelis SDSFIE Implementation Roles and Responsibilities Guide
GEOFidelis SDSFIE Implementation Roles and Responsibilities Guide Version: 1.4 Prepared for: USMC Installation Geospatial Information and Services Program (GEOFidelis) November 19th, 2012 TABLE OF CONTENTS
More informationAdobe Digital Media (Formerly Desktop) Products Enterprise Software Agreement Carahsoft Technology. Blanket Purchase Agreement (BPA) N A-ZF31
Adobe Digital Media (Formerly Desktop) Products Enterprise Software Agreement Carahsoft Technology Blanket Purchase Agreement (BPA) N00104-12-A-ZF31 (Approved 4/21/14) 1 DOD ESI BPA ORDERING GUIDE This
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Port Security Port Security helps to control access to logical and physical ports, protocols, and services. This
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 8551.1 August 13, 2004 ASD(NII)/DoD CIO SUBJECT: Ports, Protocols, and Services Management (PPSM) References: (a) DoD Directive 8500.1, "Information Assurance (IA),"
More informationPolicy: EIT Accessibility
Purpose: This policy establishes standards for Electronic Information Technology (EIT) accessibility in compliance with applicable local, state and federal regulations and laws. The University of Florida
More informationFedRAMP Security Assessment Framework. Version 2.1
FedRAMP Security Assessment Framework Version 2.1 December 4, 2015 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More informationOG0-091 Q&As TOGAF 9 Part 1
CertBus.com OG0-091 Q&As TOGAF 9 Part 1 Pass The Open Group OG0-091 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money Back Assurance
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.
More informationDFARS Cyber Rule Considerations For Contractors In 2018
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DFARS Cyber Rule Considerations For Contractors
More informationNetwork Working Group Request for Comments: 1169 K. Mills NIST August 1990
Network Working Group Request for Comments: 1169 V. Cerf IAB K. Mills NIST August 1990 1. Status of this Memo Explaining the Role of GOSIP This informational RFC represents the official view of the Internet
More information2018 SRAI Annual Meeting October Dana Rewoldt, CRA, Associate Director of OIPTT, Iowa State University, Ames, IA, USA
2018 SRAI Annual Meeting October 27-31 Dana Rewoldt, CRA, Associate Director of OIPTT, Iowa State University, Ames, IA, USA Controlled Unclassified Information Regulations: Practical Processes and Negotiations
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Mapping The Network Mapping helps visualize the network and understand relationships and connectivity between
More informationBlanket Purchase Agreement Attachment D Ordering Guide. SolarWinds DLT Solutions, LLC. Blanket Purchase Agreement (BPA) N A-ZF42
SolarWinds DLT Solutions, LLC Blanket Purchase Agreement (BPA) N00104-13-A-ZF42 1 Version Dated: 7 June 2018 DOD ESI BPA ORDERING GUIDE This Ordering Guide has been developed by the DoD ESI team to assist
More informationDepartment of Defense Fiscal Year (FY) 2014 IT President's Budget Request Defense Advanced Research Projects Agency Overview
Mission Area Business System Breakout Appropriation BMA 0.027 Total 35.003 Defense Business Systems 0.027 All Other Resources 34.976 EIEMA 34.976 FY 2014 ($M) FY 2014 ($M) 35.003 FY 2014 ($M) FY13 to FY14
More informationI. PURPOSE III. PROCEDURE
A.R. Number: 2.11 Effective Date: 2/1/2009 Page: 1 of 5 I. PURPOSE This policy outlines the procedures that third party organizations must follow when connecting to the City of Richmond (COR) networks
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationDefense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024
Report No. DODIG-2013-056 March 15, 2013 Defense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024 Report Documentation
More informationStatement of Organization, Functions, and Delegations of Authority: Office of the
This document is scheduled to be published in the Federal Register on 07/27/2016 and available online at http://federalregister.gov/a/2016-17737, and on FDsys.gov 4184-40P DEPARTMENT OF HEALTH AND HUMAN
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationCyber Security Guidelines for Defining NIAP Scope Statements
Cyber Security Guidelines for Defining NIAP Scope Statements Version 1.1 Author: Cyber Security Policy and Standards Document Published Date: June 2018 Document History: Version Description Date 1.0 Published
More informationThe Project Charter. Date of Issue Author Description. Revision Number. Version 0.9 October 27 th, 2014 Moe Yousof Initial Draft
The Project Charter Project Title: VDI Data Center Design and Build Project Sponsor: South Alberta Data Centers Inc. (SADC Inc.) Project Customer: The City of Calgary Project Manager: Moe Yousof Document
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationUse of Electronic and Information Technology Accessibility Policy
BUSINESS POLICY Use of Electronic and Information Technology Accessibility Policy Effective Date: November 16, 2017 Policy Number: 2018:04 Policy Owner: EIT Accessibility Coordinator Supersedes: NEW SCOPE
More informationThis is to certify that. Chris FitzGerald. has completed the course. Systems Security Engineering _eng 2/10/08
This is to certify that Chris FitzGerald has completed the course Systems Security Engineering - 206760_eng on 2/10/08 Systems Security Engineering About This Course Overview/Description To define the
More informationHandbook AS-508 August 2002 Transmittal Letter
Section 508 Handbook AS-508 August 2002 Transmittal Letter A. Purpose of this Handbook. This handbook contains information about the requirements of Section 508 of the Rehabilitation Act. Your functional
More informationCYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA
CYBER SECURITY BRIEF Presented By: Curt Parkinson DCMA September 20, 2017 Agenda 2 DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS Clause 252.239-7012 DFARS Clause 252.239-7010
More informationNIST SP : Guidelines for the Secure Deployment of IPv6
NIST SP 800-119: Guidelines for the Secure Deployment of IPv6 Sheila Frankel Computer Security Division NIST sheila.frankel@nist.gov US Government IPv6 Directives: Office of Management and Budget (OMB)
More informationIMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION
IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION Briefing for OFPP Working Group 19 Feb 2015 Emile Monette GSA Office of Governmentwide Policy emile.monette@gsa.gov Cybersecurity Threats are
More informationNISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015
NISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015 Agenda Cybersecurity Information Sharing and the NISP NISP Working Group Update CUI Program Update 2 Executive Order 13691 Promoting Private
More informationDIACAP and the GIG IA Architecture. 10 th ICCRTS June 16, 2005 Jenifer M. Wierum (O) (C)
DIACAP and the GIG IA Architecture 10 th ICCRTS June 16, 2005 Jenifer M. Wierum (O) 210-9252417 (C) 210-396-0254 jwierum@cygnacom.com OMB Circular A-130 (1996) OMB A-130 required systems and applications
More informationSECTION CORRECTION EFFECTIVE DATE
Errata Sheet Changes to UCR 2008, Change 2 made by UCR 2008, Change 3 for Section 5.1, Requirements Categories and Language and 5.2, Customer Premise Equipment and Legacy Interfaces SECTION CORRECTION
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationOUTDATED. Policy and Procedures 1-12 : University Institutional Data Management Policy
Policy 1-16 Rev. Date: May 14, 2001 Back to Index Subject: WORLD WIDE WEB RESOURCES POLICY PURPOSE To outline the University's policy for students, faculty and staff concerning the use of the University's
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationGovernment of Ontario IT Standard (GO-ITS) Number 30.2 OPS Middleware Software for Java Platform
Government of Ontario IT Standard (GO-ITS) Number 30.2 OPS Middleware Software for Java Platform Version #: 1.0 Status: Approved Prepared for the Information Technology Standards Council (ITSC) under the
More informationU.S. Department of Transportation. Standard
U.S Department of Transportation Federal Aviation Administration U.S. Department of Transportation Federal Aviation Administration Standard DATA STANDARD FOR THE NATIONAL AIRSPACE SYSTEM (NAS) Foreword
More informationGSAW Information Assurance in Government Space Systems: From Art to Engineering
GSAW 2006 Information Assurance in Government Space Systems: From Art to Engineering Charles Lavine The Aerospace Corporation 310-336-1595 lavine@aero.org 1 Toward the Global Information Grid Toward the
More informationAdministrative Changes to TINKERAFBI , Automated Information System (AIS) Access and Data Release Requirements
Administrative Changes to TINKERAFBI 33-110, Automated Information System (AIS) Access and Data Release Requirements OPR: 72 ABW/SCP: Special Mission Division References throughout to https://wwwmil.tinker.af.mil/ites/opr.asp
More informationNATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES
NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES DOCUMENT DETAIL Security Classification Unclassified Authority National Information Technology Authority - Uganda
More informationIPv6 Transition Progress
Department of Veterans Affairs Transition Progress 2011 and Beyond February 2, 2011 Steven Pirzchalski Transition Manager Agenda USG Then and Now 2011 and Beyond 2005 2010 USG IPV6 THEN AND NOW 12/13/2010
More informationStreamlined FISMA Compliance For Hosted Information Systems
Streamlined FISMA Compliance For Hosted Information Systems Faster Certification and Accreditation at a Reduced Cost IT-CNP, INC. WWW.GOVDATAHOSTING.COM WHITEPAPER :: Executive Summary Federal, State and
More informationData Processing Agreement
Data Processing Agreement Merchant (the "Data Controller") and Nets (the "Data Processor") (separately referred to as a Party and collectively the Parties ) have concluded this DATA PROCESSING AGREEMENT
More informationProvider Monitoring Process Overview Training. Updated August Course#: C Music Only No Narration
Music Only No Narration Course#: C-017-1 1 This webcast includes spoken narration. To adjust the volume, use the controls at the bottom of the screen. While viewing this webcast, there is a pause and reverse
More informationDOD s New Cyber Requirements: Impacts on DOD Contractors and Subcontractors
McKenna Government Contracts, continuing excellence at Dentons DOD s New Cyber Requirements: Impacts on DOD Contractors and Subcontractors Phil Seckman Mike McGuinn Quincy Stott Dentons US LLP Date: January
More informationNIST Special Publication
NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Ryan Bonner Brightline WHAT IS INFORMATION SECURITY? Personnel Security
More informationPSEG Nuclear Cyber Security Supply Chain Guidance
PSEG Nuclear Cyber Security Supply Chain Guidance Developed by: Jim Shank PSEG Site IT Manager & Cyber Security Program Manager Presented at Rapid 2018 by: Bob Tilton- Director Procurement PSEG Power Goals
More informationINTRODUCTION TO DFARS
INTRODUCTION TO DFARS 800-171 CTI VS. CUI VS. CDI OVERVIEW COPYRIGHT 2017 FLANK. ALL RIGHTS RESERVED. INTRODUCTION TO DFARS 800-171 CTI VS. CUI VS. CDI OVERVIEW Defense contractors having to comply with
More informationFederal Government Adoption of Internet Protocol Version 6 (IPv6) Frequently Asked Questions. Updated: November 4, 2011
Federal Government Adoption of Internet Protocol Version 6 (IPv6) Frequently Asked Questions Updated: November 4, 2011 BACKGROUND In September 2010, OMB issued a memorandum requiring federal agencies to
More informationWireless Communication Device Use Policy
Wireless Communication Device Use Policy Introduction The Wireless Communication Device Policy exists to provide guidance to employees regarding the acquisition and use of William Paterson University provided
More informationProvider Monitoring Process
Provider Monitoring Process This statewide provider monitoring process is applicable for all providers including direct vendors, Agency with Choice (AWC) Financial Management Services (FMS) providers and
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Deployment Deployment is the phase of the system development lifecycle in which solutions are placed into use to
More informationWhat s New for Oracle Cloud Stack Manager. Topics: July Oracle Cloud. What's New for Oracle Cloud Stack Release
Oracle Cloud What's New for Oracle Cloud Stack Release 18.3.2 E83240-17 July 2018 What s New for Oracle Cloud Stack Manager Oracle Cloud Stack Manager is upgraded in Oracle Cloud data centers as soon as
More informationCNSS Advisory Memorandum Information Assurance December 2010 Advisory Memorandum
December 2010 Advisory Memorandum Reducing the Risk of Removable Media in National Security Systems NATIONAL MANAGER FOREWORD 1. Using removable media presents serious risks to the security of National
More informationOutline. Other Considerations Q & A. Physical Electronic
June 2018 Outline What is CUI? CUI Program Implementation of the CUI Program NIST SP 800-171A (Draft) Federal Acquisition Regulation update Basic and Specified CUI Marking Destruction Controlled Environments
More informationFISMAand the Risk Management Framework
FISMAand the Risk Management Framework The New Practice of Federal Cyber Security Stephen D. Gantz Daniel R. Phi I pott Darren Windham, Technical Editor ^jm* ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON
More informationVendor: The Open Group. Exam Code: OG Exam Name: TOGAF 9 Part 1. Version: Demo
Vendor: The Open Group Exam Code: OG0-091 Exam Name: TOGAF 9 Part 1 Version: Demo QUESTION 1 According to TOGAF, Which of the following are the architecture domains that are commonly accepted subsets of
More informationAccreditation Process. Trusted Digital Identity Framework February 2018, version 1.0
Accreditation Process Trusted Digital Identity Framework February 2018, version 1.0 Digital Transformation Agency This work is copyright. Apart from any use as permitted under the Copyright Act 1968 and
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationUNCLASSIFIED. Exhibit R-2, RDT&E Budget Item Justification Date: February 2008 Appropriation/Budget Activity RDT&E, Dw BA 06
Exhibit R-2, RDT&E Budget Item Justification Date: February 2008 R-1 Item Nomenclature: Support to Networks and Information Integration, 0605170D8Z Cost ($ in millions) FY 2007 FY 2008 FY 2009 FY 2010
More informationGovernance, Risk, and Compliance: A Practical Guide to Points of Entry
An Oracle White Paper January 2010 Governance, Risk, and Compliance: A Practical Guide to Points of Entry Disclaimer The following is intended to outline our general product direction. It is intended for
More informationWireless Communication Stipend Effective Date: 9/1/2008
Category: Financial Policy applicable for: Faculty/Staff Policy Title: Policy Number: Wireless Communication Stipend Effective Date: 9/1/2008 Enabling Act(s) IRS rule 2.1.7 Policy Owner: Sr. VP for Administration
More informationSecuring Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS
Securing Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS Introduction The expectations and requirements on government contracts for safety and security projects
More informationIT Security Evaluation and Certification Scheme Document
IT Security Evaluation and Certification Scheme Document June 2015 CCS-01 Information-technology Promotion Agency, Japan (IPA) IT Security Evaluation and Certification Scheme (CCS-01) i / ii Table of Contents
More informationPERSONAL DATA PROTECTION ACT 2012 COMPLIANCE NATIONAL UNIVERSITY OF SINGAPORE DO NOT CALL POLICY
PERSONAL DATA PROTECTION ACT 2012 COMPLIANCE NATIONAL UNIVERSITY OF SINGAPORE DO NOT CALL POLICY Table of Contents Summary... 3 Introduction... 3 Scope of the DNC regime/framework... 4 The Prohibitions/Requirements...
More informationClick to edit Master title style
Federal Risk and Authorization Management Program Presenter Name: Peter Mell, Initial FedRAMP Program Manager FedRAMP Interagency Effort Started: October 2009 Created under the Federal Cloud Initiative
More informationFedRAMP Digital Identity Requirements. Version 1.0
FedRAMP Digital Identity Requirements Version 1.0 January 31, 2018 DOCUMENT REVISION HISTORY DATE VERSION PAGE(S) DESCRIPTION AUTHOR 1/31/2018 1.0 All Initial document FedRAMP PMO i ABOUT THIS DOCUMENT
More informationRegulatory Notice 10-21
Regulatory Notice 10-21 SEC Approves New Consolidated FINRA Rules SEC Approval and Effective Dates for New Consolidated FINRA Rules and the Repeal of Certain NASD and Incorporated NYSE Rules Effective
More information